How to configure the WIPS countermeasure function
- 0 Followed
- 0Collected ,656Browsed
Network Topology
NULL
Problem Description
According to the matching of the SSID or the MAC address of the AP using the wireless service, the user-defined scanning rules can be used to define illegal devices and counteract them.
Process Analysis
NULL
Solution
Configure SSID detection on cloudnet:
1. From the left navigation pane, select Settings > ACs > WLAN Security;
2. Select a branch, a site, and a device from the top of the work pane. Click the SSID Detection tab;
3. Enable SSID detection;
4. Configure detection rules and countermeasure state. Click Add. In the window that opens, select an SSID rule or MAC rule, specify the matching criterion, and enable countermeasure as needed. To add a rule, click the "+" icon. You can configure a maximum of 10 rules for SSID detection. To edit a rule, click the Edit icon in the SSID detection rule list;
5. Select sensor APs. Select APs in the Available list and click the ">" icon to add the APs into the Selected list. You can select a maximum of 128 APs;
6. To simplify the procedure, click Copy SSID Detection Cfg to copy sensor AP configuration from the SSID Detection page. To view wireless security monitoring information, access the Smart O&M > Security > SSID Detection page;
Configure SSID detection on CLI interface:
#
wips
#
ap-classification rule 50010
ssid equal ceshi
#
classification policy oasis_classification_policy_219801A2VS821BE0010P
apply ap-classification rule 50010 rogue-ap severity-level 100
#
countermeasure policy oasis_countermeasure_policy_219801A2VS821BE0010P
countermeasure rogue-ap
#
detect policy oasis_detect_policy_219801A2VS821BE0010P
#
virtual-security-domain oasis_vsd_219801A2VS821BE0010P
apply classification policy oasis_classification_policy_219801A2VS821BE0010P
apply countermeasure policy oasis_countermeasure_policy_219801A2VS821BE0010P
apply detect policy oasis_detect_policy_219801A2VS821BE0010P
#